This is the question many medical organizations bear in mind today.
The main HIPAA compliance rules cover the following aspects: the Privacy Rule (which applies to health plans, health professionals, and so on), the Security Rule, the implementation, and the Breach Notification Rule.
If you wish to make your website HIPAA compliant, you need to choose HIPAA-compliant hosting and not forget about data encryption and a secure authorization process.
Besides, getting an SSL certificate will be a very good idea.
Moreover, you need to assign a HIPAA compliance officer, publish its policy, and create a data breach protocol.